
CVE-2006-5170
Date: (C)2006-10-10   (M)2023-12-22


pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017153
2006-0061
http://www.securityfocus.com/archive/1/447859/100/200/threaded
BID-20880
SECUNIA-22682
SECUNIA-22685
SECUNIA-22694
SECUNIA-22696
SECUNIA-22869
SECUNIA-23132
SECUNIA-23428
ADV-2006-4319
DSA-1203
GLSA-200612-19
MDKSA-2006:201
RHSA-2006:0719
SUSE-SR:2006:027
http://bugzilla.padl.com/show_bug.cgi?id=291
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286
https://issues.rpath.com/browse/RPL-680
oval:org.mitre.oval:def:10418

CPE    4
cpe:/o:redhat:enterprise_linux:4.0
cpe:/o:redhat:enterprise_linux_desktop:4.0
cpe:/o:fedoraproject:fedora_core
cpe:/o:debian:debian_linux:3.1
...
CWE    1
CWE-755

© SecPod Technologies